Feeds

back to article Phorm papers reveal BT's backwards approach to wiretap law

BT's long-held claim that legal advice said its Phorm trials did not breach wiretapping laws came under renewed scrutiny today, as documents revealed the firm approached government experts after it had secretly co-opted 18,000 broadband customers into the advertising targeting system. Papers obtained from the Home Office under …

COMMENTS

This topic is closed for new posts.

Page:

Heart

"I suppose I am refuting the suggestion"

No, you are denying it. To refute it you would have to prove it false.

0
0
Silver badge
Flame

This is a test. This is only a test.

"For tests of this nature, regulatory authorities are not normally consulted."

"It's OK, I'm just running a test of whether I can burgle your house, so I don't need to check whether it's legal."

0
0
Coat

Refuting?

To refute something is to provide convincing arguments and/or evidence to the contrary. To deny something is simply to say "I don't think it's true."

Politicians and managers have been lying about refuting things for years now, just because it makes them sound better. Same with "sea change" (oh, so fish have eaten the eyeballs of the NHS, have they?).

"I suppose I am refuting it"... classic. Idiot.

Oliver.

0
0
Anonymous Coward

Thanks Chris

Good little update, especially about internal issues at BT.

0
0
Alien

121Media

Interesting to note too, in Nov 2006 121Media were still called 121Media... not Phorm.

(121Media - prev AdIntelligence - changed name again to Phorm in May 2007)

0
0
Alien

they knew about the legal implications from the outset

I know because I was asked informally what I thought of it (peopleonpage) and my response was:

"it looks like it could ether may a lot of money or land people in prison, I'd leave it well alone"

I can also tell you that the BT representative who showed it to me said that it seemed too much of a risk and that he would advise against it. I wonder where he is now?

0
0
Anonymous Coward

One fun question for BT...

...will be how they keep the Phorm away from the NHS backbone...

0
0
Thumb Down

So, by BT's logic, rape is legal?

If you're only "testing" someone out for sex. Without permission.

Nice one BT.

0
0
Anonymous Coward

Phorm shot JFK

And the Russians are going through my trash. Jeez, guess some people need a good conspiracy to feel alive?!!!

0
0

"with consent from 10,000 customers"

There surely can't be 10,000 BT customers left in the UK who either don't know about this or are too dumb to care about the possible consequences.

Surely?

Please refute this, somebody.

0
0
Anonymous Coward

A good point

"...will be how they keep the Phorm away from the NHS backbone..."

And how will they not collect and profile health and booking info from all of the people booking appointments through choose and Book.

When will BT be called to book and prosecuted.

0
0
Alert

What about the Chiniese servers?

PHORM has recently stated that they do not have database servers outside of the UK, however I remember that the original BT presentation leak did refer to them. From this it can be seen that the data from original covert "trials" is already outside of UK law and our control. BT Retail should to be prosecuted for espionage and made to pay compensation to cover potential future ID theft cost to everyone they sold out. In addition the wholesale section of BT should be returned to the tax payers as they have abused our trust and released our personal data to a foreign power.

0
0
Bronze badge
Stop

Slightly off topic but related...

Has anyone heard any news from VM recently about their involvement with Phorm?

0
0

BT has nothing to worry about

Its the Old Boys Club again! The BT execs, Home Office management - they probably still drink in the same pub together. No wonder the Home Office has helped BT defend itself, they are practically party to the offense.

My guess as to what will happen is that, in true UK Old Boys Club style, nothing will happen to BT. Nothing at all. Vivienne Reding, of the EU, will put pressure on the UK to prosecute, who will protest at the outside interference and continue doing all the nothing they like. BT will surreptitiously launch Phorm under a new name, but will "consult" with the Home Office beforehand, not because they care, just so that they can dot the i's and cross the t's, and claim to Joe Public that this is not illegal and in fact something worth having for more relevant advertising and increased security.

Mark my words, it will happen.

0
0
Boffin

You forgot the eeerrm's and stutters.

"We don't believe this is illegal. We have sought extensive advice, both internally and externally, and prior to conducting this trial... It's not illegal."

Emma Sanderson finds it impossible to speak on that subject without them. A bit of insurance you see.

Boffins are precise in their language. BT execs are not.

0
0

Brewery, pissup

Pissup, brewery

Brewery, pissup

etc.

0
0
Anonymous Coward

Re : Phorm shot JFK

You shouldn't make such accusations. It was never proved.

0
0
Black Helicopters

@AC - not Chinese

Too late! Phorm are hosting webwise.bt.com on behalf of BT. This means that they had access to the BT cookie that contains my BT username. Originally this site was hosted in the US, now it appears to be back in the UK but still hosted by Phorm. I believe BT may have now changed their cookies not to store the user name in clear text but Horse...Stable...

0
0
Alert

@dervheid

"Today BT's spokesman said invitations would be issued "soon". He refused to elaborate, citing fears the project would become a "hostage to fortune". ®"

In other words, they are hoping for a big enough gap between the negative publicity and when they actually have to ask 10,000 people for permission that not too many of them say no.

0
0
Anonymous Coward

Oh My... Blinded By Money

Even before the trials began, they knew that if sucessfull, they would eventually deploy it. And when it is deployed, or rather before deploying/implementing, they would have to ask for government permission. So by foregoing the need for such permission, they risked, back then, wasting huge amounts of resources (time, money, etc) for something that could eventually be trashed? Their logic really flies-off the window.

The only thing that could save their project from being trashed is that the whole procedure in implementing and maintaining such project strictly adhere to any and all laws and procedures that involves privacy. Unfortunately for them, their project reeks of death and decay ..errr.. oh so many violations.

0
0
Happy

@dervheid

Unfortunately I can't refute your statement, only deny it, and then not entirely convincingly.

If you like, I could move the goalposts, get in bed with the cabinet and give you a winning smile!

0
0
Silver badge

Lightning OCUs [Operational Conversion Units]

"it looks like it could ether may a lot of money or land people in prison, I'd leave it well alone".... By Alex Posted Monday 11th August 2008 12:42 GMT

Alex,

That was probably the catalyst which launched the Phish, as people with a lot of money don't land in prison, they flee abroad and seek political asylum if they think they are going to do hard time for crime.

However, it must be realised that Phishing is Ubiquitous in Digital Networks, it is just the Nature of the Beast and the Greed in Man but it does also allow for the Free Placement of Increased and Increasing Value Goods and Services as opposed to being only thought of providing Malicious Services. Patterns of Behaviour do not give absolute results of extrapolated future action.

And if someone is Phishing out of their Depth in SMART Waters, they can be Groomed and Played to Provide whatever you Need whenever you Hook them and Drag them into the Water and into the Deep.

And all those gurning about the outrage are just so upset, because they probably have dirty little secrets to hide which may now be very well known. And the Technology does render the Pompous Posturing Political Prig who would think to be a leading light, something of a Pathetic Candle to Communications Pathfinder Beams.... Lighting the Way with AI Shining ITs Path.

Use IT Better in Better Betas would render ITs Abusers Naked for All to See as Inadequate and they can be Prosecuted for Not being Fit for Common or General Purpose.

0
0

Re: So, by BT's logic, rape is legal?

Even better: McKinnon can use it in his defense: he was only testing their security...

0
0

@Phorm shot JFK

I assume that you'll be volunteering for the next phase of BT trials then?

0
0
Unhappy

Hero to zero?

So far as I can tell, Bruce Schneier has been publicly slient on the subject of Phorm.

For anybody that doesn't know who Bruce Schneier is, then this is his mini-bio from his Crypto-gram newsletter (formatting mine to highlight the 2nd sentence);

"Schneier is the author of the best sellers "Beyond Fear," "Secrets and Lies," and "Applied Cryptography," and an inventor of the Blowfish and Twofish algorithms.

He is the Chief Security Technology Officer of BT (BT acquired Counterpane in 2006), and is on the Board of Directors of the Electronic Privacy Information Center (EPIC).

He is a frequent writer and lecturer on security topics. See <http://www.schneier.com> blog/newsletter)."

While I'm not expecting him to put his employer in 'The Doghouse' section in his newsletter (however justified), I am surprised that he can't bring himself to even mention Phorm. And why hasn't he been asked for a quote by the likes of El Reg? Bruce is usually happy to comment on *most* matters security related in his Crypto-gram newsletter.

Looks like he was on the dark side all along...

0
0
Flame

re Old Boys Club comment, "BT executives" in article

Look, let's name names, right? This isn't a failure of *collective* responsibility (these things rarely are), there are always *individuals* responsible (though having them called to account is as rare as hen's teeth).

The CTO at BT Retail at the time of the denied trial is now the CTO at Phorm. What are the chances he bears some responsibility?

http://www.phorm.com/about/exec_scleparis.php

Ex-Home Office minister (and ex-Andersen staffer) Pat Hewitt is now a non-executive director at BT, though wasn't at the time of the denied trial (was she still at the Home Office at that time????). Might she also be expected to "do the right thing", as non-execs are supposed to do?

0
0

Re:BT has nothing to worry about

Well when the cabinet want to leave (or are thrown out/sacked) they will want a nice cushy job to go to. I mean, the pension is nowhere NEAR enough to compare with a CEO's pension of a company with 200,000 employees like the Civil Service!

Please! Someone think of the MP's!!!

0
0
Joke

Data Integrity

Bollocks to all this..can BT confirm data integrity when it comes to home workers? If I was working at a Bank or Fund Managers or anything similar with people frome home coming in from BT ADSL, I would be very worried about confidential data being captured by Phorms deep packet inspection.

As an IT Admin, I would be getting written BT statements confirming that business ADSL isnt being tracked, not the opt out cookie rubbish but actually on a different backbone.

I reckon that BT would rethink this if they realise that IT deparments around the country are dropping their ADSL services because confidential business matters could be picked up by Phorm.

Joke: Cause thats what OfCom really is

0
0
Pirate

But what about Virgin

I just this moment got off the phone from Virgin media and asked them about Phorm.

The lady I spoke to went quiet and put me on hold.

Her answer was along the lines of 'Yes we do use phorm, but it's just a general thing and doesn't target you personally'.

I asked if I could opt out but was told "No."

Finally when asked if it records any personally identifying information she also said "No."

Pirates because well, frankly, they operated for personal gain in spite of the rules as well.

0
0
Silver badge

@ Anonymous Coward

'Pat Hewitt is now a non-executive director at BT, though wasn't at the time of the denied trial (was she still at the Home Office at that time????)'

Not quite, she was busy screwing the NHS into the ground with Connecting For Health.

You'd have thought that would have been a full time job, but not for Patsie Hewitt - she still had time to threaten Channel 4 News for revealing that MTAS was publishing personal data on a public website. It's that sort of care for the public which must have had BT banging on the door waving bank notes in her face.

0
0
RW

@ vishal vashisht

[Projected scenario:] "IT deparments around the country are dropping their ADSL services because confidential business matters could be picked up by Phorm."

Seems to me that it behooves all El Reg readers to send *written* memos regarding Phorm up the managerial ladder above them. "Are we making sure that our valuable propietary information cannot be compromised by BT & Phorm?"

Shareholders also need notification, which perhaps can be done most easily by posing a formal question on the matter at corporate annual meetings.

Paper is essential because "oh, the mail server must have deleted it as spam, I never saw it" is then no longer a viable excuse for ignorance.

Be sure to keep two paper copies, one in the expected file, and another one hidden under a drawer in case the file copy is quietly destroyed.

0
0

Stealing ad space

Something I haven't seen mentioned in the Phorm debate yet is that they are overwriting adverts in web pages with their own 'relevent adverts' so effectivly stealing the advertising space from the web host.

It's exactly the same as plastering your own poster up on a billboard over the top of someone elses, it's the digital equivilant of flyposting, which is illegal.

0
0
Tom

Re. Virgin.Media involvement.

Notice how the Virgin logo has vanished ftom the webwise.com home page? Significant? As a VM customer, I sincerely hope so.

http://www.webwise.com/

0
0

@Dave

I've just phoned Virgin Media (150, option 4, hold for an operator), and the lady I spoke to hadn't heard of Phorm - seem there still are those who haven't!

She went off to ask someone else, and told me that they are NOT using it, and that it was BT that had used it but had had some trouble (ha!) and that VM are definitely not using it and have no plans to do so. I asked her if that was the "official line", and she confirmed yes.

Anyone else want to call them and see if they get the same answer?

0
0
Anonymous Coward

Disgraceful double standards in law

It really is disgraceful. Anyone else would be looking at jail time for this.

0
0
Anonymous Coward

Wholesale Vs Retail

As a friend once said to me:

BT Wholesale = Generally better educated & highly intelligent staff - Top Grade management, More technically qualified and skilled workforce.

BT Retail = Staff who didn't make it into into Wholesale, good, honest but generally a lower grade workforce, Very poor Management (Dead man's shoes command structure).

Would that explain anything?

0
0
Flame

I hate to tell you this...

Oh all right then...

I told you so ... there thats better!

Any company that has an "value-added services" department deserves suspision in my book. The added value is for who's benefit?.......

0
0
Anonymous Coward

Phrom/BT Entity-Relationship Diagram

http://phormwatch.blogspot.com/2008/07/entity-relationship-diagram-of-bt-and.html

0
0
Paris Hilton

@Chris Campbell

While my opposition to Phorm is implacable, fairness demands that your assertion that Phorm overwrite other people's ads be refuted. They only overwrite their own general ads with targetted ads, whenever a Phorm-phriendly luser is detected.

Paris, because her insertions are not as well controlled as Phorm's

0
0
Alert

Be sure your sins will find you out.

Having just recently been kicked off the BT Beta forums by a company desperate to keep as many of their customers in the dark about Webwise as possible, it gives me a great deal of pleasure to see the way the FOI procedure is gradually unravelling the spider's WEB of obfuscation that has been spun around this whole topic for over two years, by those who even now are wriggling and squirming and umming and erring, to try and conceal the true facts.

Given the recent fairly robust response by the Information Tribunal in slapping down attempts by DBERR to conceal information about commercial lobbying from the public, we will be looking forward to full disclosure of that "commercially sensitive" information that is being currently witheld by the Home Office.

I'd also like to know what people like Bruce Schneir from BT Global have to say, whether they still work for BT or not, and another question - when did the BT's Head of Information Security, John Regnault find out about this plan, and what was his advice. Was his advice sought prior to the covert trials?

BT Group have denied reports of rifts within the organisation - so can these two individuals give us statements please?

We've been watching BT watching us. And we know more than you think we do.

0
0
Thumb Up

The real reason they are making blatantly false and self-contradictory statements ...

... is that they are all of a sudden absolutely shit-scared that some of them are going to get banged up for this. Because they're starting to believe that it might actually happen.

It's a bit premature to declare victory yet, but note well: the enemy's morale is falling and we have them on the run.

0
0
Go

Bruce Schneier's opinion

If you want Bruce Schneier's opinion, you can always ask him:

http://www.schneier.com/contact.html

0
0
Anonymous Coward

@"stealing ad space" - pls get wiv da program

Chris, are you sure about that? Phorm is indeed a heap of dingos kidneys, but afaik it doesn't overwrite *other people's* adspace, it relies on gullible advertisers buying premium-priced Phorm adspace, which then either displays generic ads if being viewed by de-Phormed folk on sensible ISPs, or for folk with malPhormed ISPs it (allegedly) displays highly valuable "specially personalised" ads based on "anonymised, non personally identifiable" (oxymoron alert) surfing profiles etc. Go read Phorm's own bs on "OIX" for more info. Or for a different viewpoint, read Alex Hanff's white paper.

The Guardian was, originally, going to be one such gullible advertiser. They aren't any more [1]. I don't know about the other "launch partners" (which included ft.com and a handful of lesser known names)..

[1] http://www.theregister.co.uk/2008/03/26/guardian_phorm_uturn/

0
0
Bronze badge

If you live outside the law you must at least be honest

In the late 1970s I used to enjoy an occasional pint with three telecomms engineers from the local exchange (which I visited when they had an open day). One of them was apparently authorised to set up phone taps, a process which in those days involved a yellow twisted pair wire clipped to the line. In the main he did the same sort of work as his mates, though his pay came via the Home Office; and he had presumably signed up to the Official Secrets Act.

What happened after privatisation and the introduction of System X and Zircon I don't know. But authorised snoop channels are still required, to deal with both wiretaps for which a warrant has been issued and in addition the hundreds of thousands of requests for data that are made annually under RIPA.

The equipment which was installed for the behavioural marketing tests allowed, in principle at least, wholesale access to tens of thousands of subscribers' data. This wasn't a botnet with keyloggers or whatever installed on the machines of hapless people who didn't protect themselves. It had the potential to intercept large amounts of data wholesale with little chance of detection because it took place at provider level. It involved the installation of equipment in exchanges. And this was a very different matter than, say, the Perl scripts used by Gary McKinnon to access supposedly unauthorised information. It was interception at a level not much different from the government's passive taps.

(http://www.theregister.co.uk/2008/08/09/mckinnon_ufo_cyberterror_analysis/)

It could have been expected that the Home Office would know about these tests as a result of their overall programme to monitor communications. Alternatively, if they really didn't know, then there is a strong argument that a culpable failure of national security measures occurred.

0
0
Unhappy

Net Firms Decide If They Are Legal

From the BBC

"In her questions Baroness Miller has asked about the issues surrounding Phorm and the technology it employs.

In one question she asked if the government has issued advice to net service firms about getting consent for web-watching ad systems or what needs to be done to let people know their web habits could be monitored.

In response the government said it was up to net firms to decide if a service they provide was within the law. "

... and if they're not, the authorities will do sweet F.A.

0
0
Stop

Advice to BT et al. from a Yank

> Today BT's spokesman ... refused to elaborate, citing fears the project would become a "hostage to fortune".

Gawl darnit Mr. BT-spokesman, you use your tongue prettier than a twenty dollar whore.

The only damage-in-the-future fortune that could befall you (BT) is in the finding out through further FOIA requests even more "inconsistencies" behind your (BT's) public spinning. Take a lead from PR-savvy American companies: Militate against any potential PR disaster by publishing the *complete* (and verifiable) data on the who / what / when / where / how for all of your (BT's) unknown trials. Mitigate the current fallout from the known trials by doing the same. You (BT) could just come clean, take your chances in court, and move on. (Then sin no more, yes?)

It's too simple, really. If you (BT) did nothing wrong, then you (BT) have nothing to hide. It's the post-facto lying, not the original sin, that'll get you (anyone) in the pokey every time.

/s/ A Yank helping to fight terrorism beyond our shores.

x-El-Reg-audience: Irony and sarcasm thresholds exceeded; proceed at your own risk.

0
0
Happy

refute?

If you can refute, can you also 'fute'?

0
0

Just arrest the phuckers

for dawkings sake. they're guilty. we all know they're guilty. even they know they're guilty.

0
0
Silver badge
Boffin

BT Security

"when did John Regnault find out about this plan, and what was his advice. Was his advice sought prior to the covert trials?"

I would hazard a guess about the same time as Bruce, i.e when the story broke on El Reg.

Also, I wouldn't read too much into the silence from Bruce's corner. From what I've heard about him he (or John) are probably the main reasons this turd of a technology hasn't been deployed yet. Time will tell.

0
0
Pirate

Testing Legality

Wasn't there a Police Officer who was only testing his new nena car with the dash cam on? wasn't his defence that he was only testing too?

I'm off to test bank security...

0
0

Page:

This topic is closed for new posts.